2020-12-13 19:44:42 –
By ERIC TUCKER, TOM KRISHER, FRANK BAJAK
Washington (AP) — Hackers broke into the networks of federal agencies, including the Department of Commerce, in attacks revealed shortly after U.S. officials warned that cyberattackers associated with the Russian government were exploiting vulnerabilities to target sensitive data.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appears to be a major intrusion into U.S. government agencies.
“This could be one of the most influential espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The hacking was revealed a few days after a major cybersecurity company disclosed that a foreign government hacker had breached its network and stolen the company’s own hacking tools. Many experts suspect that Russia is responsible for the attack on FireEye, a leading cybersecurity player whose customers include federal, state and local governments and the world’s top companies.
The apparent route for the Treasury and Commerce hacks (and the FireEye breach) is a very popular piece of server software called SolarWinds. Alperovitch, a former chief technology officer of cybersecurity firm CrowdStrike, said it is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and several U.S. government agencies that are now trying to patch their networks.
The attack was revealed a week after a National Security Agency advisory warned that Russian government hackers had exploited vulnerabilities in systems used by the federal government to “give attackers access to protected data.”
The U.S. government has not publicly identified Russia as the culprit behind the hacking, which was first reported by Reuters, and has said little about who is responsible.
In a statement, National Security Council spokesman John William said the government “has taken all necessary steps to identify and remedy possible problems associated with this situation.”
The government’s Cybersecurity and Infrastructure Security Agency said separately that it is “working with other agencies on recently discovered activities in government networks.” CISA is providing technical assistance as affected entities work to identify and mitigate potential breaches.
President Donald Trump fired CISA director Chris Krebs last month after Krebs vouched for the integrity of the presidential election and challenged Trump’s allegations of widespread fraud.
“This kind of hacking takes extraordinary tradecraft and time,” Krebs said in a tweet on Sunday, raising the possibility that it had been going on for months.
“I think this is still early,” Krebs wrote.
Federal agencies have long been an attractive target for foreign hackers.
A Russia-linked hacker broke into the State Department’s email system in 2014, infecting it so thoroughly that experts had to cut it off from the internet to eliminate the intrusion.
Reuters previously reported that a foreign government-backed group stole information from the Treasury and the Commerce Department’s agency responsible for Internet and telecommunications policy decisions.
The Treasury deferred comment to the National Security Council. A Commerce Department spokesperson confirmed “a breach in one of our offices” and said “we asked the CISA and FBI to investigate.” The FBI did not comment immediately.
The Washington Post reported on Sunday that two federal agencies and FireEye were all compromised through the SolarWinds network management system, citing three unnamed sources.
Austin, Texas-based SolarWinds confirmed in an email to the Associated Press on Sunday that there was a “potential vulnerability” related to an update released earlier this year for its Orion products, which help organizations monitor their online networks for problems and outages.
“We believe this vulnerability is the result of a highly sophisticated, targeted manual supply chain attack by the state,” SolarWinds CEO Kevin Thompson said in a statement.
The compromise is important because SolarWinds gives hackers “God-mode” access to the network and visibility into everything, Alperovitch said.
Last Tuesday, FireEye said a foreign government hacker with “world-class capabilities” broke into its network and stole the offensive tools it uses to probe the defenses of its thousands of customers. Those customers include federal, state, and local governments, as well as the world’s top companies.
Hackers “were primarily looking for information related to specific government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them. He said there were no signs that they had obtained customer information or threat intelligence data collected from the company’s consulting or breach response business.
Former NSA hacker Jake Williams said it was clear that both the Treasury and FireEye were hacked using the same vulnerability.
“I don’t think the timing of the release here is a coincidence,” said Williams, president of cybersecurity firm Rendition Infosec.
He said FireEye had informed the FBI and other federal investigators that it had been hacked, and that the Treasury was then determined to have been compromised as well.
“I think many of the other (federal) agencies I’ve heard from this week have also been hit,” Williams added.
FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart cyberattacks on its oil industry. It has also played an important role in identifying Russia as the protagonist of numerous attacks in the fast-growing netherworld of global digital conflict.
Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who could be responsible. However, many in the cybersecurity community suspect Russia.
Krisher reported from Detroit and Bajak from Boston. Associated Press writer Matt O’Brien contributed to this report from Providence, Rhode Island.